Bypassing SMTP and POP block

[Raiden]

In my opinion subcontractors are people that have YOU as a client .... You pay them, they shouldn't be able to rant !!! Quite a nerve if you ask me ...

Anyway I have to agree with Nokia, and I would advise my boss in such matters. That way at least your back is covered. Typical case to escalate up to a boss ....

Cheers

[thehorse13]

There really shouldn't be an issue here.

Your security policy should already clearly outline how non employee network access is treated. In my case, if they walk in with a laptop, they get placed on a VLAN out to the internet that has no ACLs to our WAN. Period. End of story.

We do get contractors inhouse that need access to our WAN. In this case, they get a Govt. issue laptop that we *know* meets the security requirements in our policies. If the vendor starts complaining, we simply show him the door and let his company know why they lost a nice profitable contract. We have a clause in all contracts that allows us to remove contractors for failure to comply.

In my world, the squeeky wheel doesn't get the grease, it gets replaced with a new wheel.

--th13

[Raiden]

In my world, the squeeky wheel doesn't get the grease, it gets replaced with a new wheel.

HORSE !! that actually sounds intelligent .....
So no, really what do you do when your wife squeeks ? Replace it with a new one ? I like the idea though.

Cheers.

[Computernerd22]

I have number of Sub-contractors who wish to acces their companies email.. but.. it appears that atleast ports 25 and 110 are blocked ie smtp and POP access..

Why not simply unblock port 25(SMTP) and port 110 (POP3)? Also,

I had been instructed by one of City Admins to tell them to use Mail2Web

You informed them of this information but they still want yet DEMAND

want/demand to be able to use their email client software

They don't like it tell them to go take it up with your boss.

Und3ertak3r why would you 'Proxy the connection'?

[thehorse13]

So no, really what do you do when your wife squeeks ? Replace it with a new one ? I like the idea though.

That rule doesn't apply/work at home.

[FyreMouse]

th13 has it right. They are your customers not the other way around.

The contractors need to have certain realities explained to them.

1. They are already allowed to place thier own laptops on Your Network. They should be happy you even allow that. In most sites I visit this is cited as one of the number one security risks to the enterprise....unmonitored, unmanaged devices on the network.

2. Your security administrator, perhaps as high as the CSO has made the decision to block the ports. It's as solid as that, and without knowing better probably above your paygrade to change. Let your boss know, and start refering them to your management.

3. You already allow them internet access across your network. Thats about as much and truly more than they should expect. And if they are as experienced and knowledgable as they claim then they are well aware of thier fortune and are simply "pushing the FNG" to see how far they can get. Take the stand now while you still can.

Other advice, I agree with previous statement along here, if you HAVE to allow them to use thier own laptops than insist on certain security measures (anti-virus etc) on thier systems and make sure they are locked into the VLAN.

While most client sites I go to do Not allow outside hardware, one or two that do have always instisted on a complete virus scan and security cataloguing of my system before I took it onto thier network.



Cheers,

FyreMouse